
14823 matches found

Vulnrichment
added 2024/11/29 6:57 a.m. | 12 views

CVE-2024-11983 Billion Electric router - OS Command Injection

Certain models of routers from Billion Electric have an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device...

7.2 CVSS | 7.8 AI score | 0.01072 EPSS
Exploits: 0 | References: 2
CVE
added 2024/11/29 6:57 a.m. | 56 views

CVE-2024-11983

CVE-2024-11983 affects several Billion Electric routers (e.g., M100, M150, M120N, M500). All sources describe an OS Command Injection vulnerability in a specific SSH function that allows remote administrators to inject and execute arbitrary system commands on the device. The issue is attributed t...

7.2 CVSS | 7.5 AI score | 0.01072 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2024/11/29 12:00 a.m. | 24 views

openSUSE Security Advisory (SUSE-SU-2024:4090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 7.1 AI score | 0.02152 EPSS
Exploits: 3 | References: 5
The Hacker News
added 2024/11/28 10:48 a.m. | 6 views

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package,...

7.3 AI score
Exploits: 0
F5 Networks
added 2024/11/26 2:07 a.m. | 21 views

K000148713: libssh2 vulnerabilities CVE-2019-3858 and CVE-2019-3862

Security Advisory Description CVE-2019-3858 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

9.1 CVSS | 7.5 AI score | 0.08114 EPSS
Exploits: 0 | Affected Software: 1
CVE
added 2024/11/21 5:53 a.m. | 69 views

CVE-2024-7517

CVE-2024-7517 concerns a local, privileged escalation in Brocade Fabric OS prior to 9.2.0c and in 9.2.1–9.2.1a on IP Extension platforms (7810/7840/7850 or SX-6 blade on X6/X7). Exploitation requires an authenticated user on SSH/serial to craft portcfg usage. Root cause is a command-injection vul...

8.5 CVSS | 6.9 AI score | 0.00626 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/11/21 5:53 a.m. | 37 views

CVE-2024-7517 Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

8.5 CVSS | 0.00626 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/21 5:53 a.m. | 30 views

CVE-2024-7517 Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

8.5 CVSS | 7.2 AI score | 0.00626 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2024/11/21 12:00 a.m. | 13 views

D-Link Routers Incorrect Use Of Privileged APIs (CVE-2024-11068)

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. Note that Nessus has not tested f...

9.8 CVSS | 5.5 AI score | 0.01174 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2024/11/21 12:00 a.m. | 9 views

Fedora: Security Advisory (FEDORA-2024-300397332b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2
OSV
added 2024/11/19 5:20 p.m. | 46 views

GO-2024-3267 Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy

Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

8.6 CVSS | 9.3 AI score | 0.01442 EPSS
Exploits: 0 | References: 4
NCSC
added 2024/11/19 3:03 p.m. | 3 views

Vulnerability fixed in GitHub CLI

GitHub has fixed a vulnerability in GitHub CLI, specifically for versions 2.6.1 and earlier. The vulnerability is in how GitHub CLI manages SSH connection details. This could allow malicious actors to execute arbitrary code on the user's workstation when connecting to a malicious Codespace SSH...

9.6 CVSS | 7.7 AI score | 0.00861 EPSS
Exploits: 0 | References: 2
SUSE Linux
added 2024/11/18 1:20 p.m. | 2 views

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server

Description: This update fixes the following issues: mgr-daemon: Version 4.3.11-0 Update translation strings spacecmd: Version 4.3.29-0 Speed up softwarechannelremovepackages bsc1227606 spacewalk-backend: Version 4.3.30-0 Make ISSv1 timezone independent bsc1221505 reposync: introduce timeout when...

9.8 CVSS | 8 AI score | 0.03948 EPSS
Exploits: 6 | References: 114
Ubuntu
added 2024/11/18 5:27 a.m. | 15 views

USN-7108-1: AsyncSSH vulnerabilities

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...

6.8 CVSS | 6.9 AI score | 0.00867 EPSS
Exploits: 0
OpenVAS
added 2024/11/18 12:00 a.m. | 8 views

Fortinet FortiWeb Detection Consolidation

Consolidation of Fortinet FortiWeb detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

7.3 AI score
Exploits: 0 | References: 1
CNVD
added 2024/11/15 12:00 a.m. | 5 views

D-Link DSL6740C OS Command Injection Vulnerability (CNVD-2024-45430)

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. The D-Link DSL6740C suffers from an operating system command injection vulnerability, which can be exploited by a remote attacker with administrator privileges to inject and execute arbitrary system commands via specific...

7.2 CVSS | 8.1 AI score | 0.01325 EPSS
Exploits: 0 | References: 1
CNVD
added 2024/11/15 12:00 a.m. | 4 views

D-Link DSL6740C OS Command Injection Vulnerability (CNVD-2024-45429)

The D-Link DSL6740C is a wireless VDSL router from China's AUO D-Link. The D-Link DSL6740C suffers from an operating system command injection vulnerability, which can be exploited by a remote attacker with administrator privileges to inject and execute arbitrary system commands via specific...

7.2 CVSS | 8.1 AI score | 0.01325 EPSS
Exploits: 0 | References: 1
CNVD
added 2024/11/15 12:00 a.m. | 7 views

D-Link DSL6740C Operating System Command Injection Vulnerability

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. The D-Link DSL6740C suffers from an operating system command injection vulnerability, which can be exploited by a remote attacker with administrator privileges to inject and execute arbitrary system commands via specific...

7.2 CVSS | 8.1 AI score | 0.01325 EPSS
Exploits: 0 | References: 1
CNVD
added 2024/11/15 12:00 a.m. | 10 views

D-Link DSL6740C Incorrect Use of Privileged API Vulnerability

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...

9.8 CVSS | 6.8 AI score | 0.01174 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2024/11/15 12:00 a.m. | 16 views

Security Update for Microsoft Visual Studio Code Remote SSH Extension (November 2024)

The Microsoft Visual Studio Code Remote SSH Extension is prior to version 0.115.1. It is, therefore, affected by an undisclosed elevation of privilege vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

7.1 CVSS | 7.2 AI score | 0.00426 EPSS
Exploits: 0 | References: 2